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(57) Abstract 

An access point (GGSN) from a mobile communications system to an external system is selected (3) at a serving node (SGSN) 
of the mobile communications system based on at least two or three grounds of selection: the subscription data of a mobile subscriber 
stored in the mobile communication system or an access point selection data given by a user in a service request (1), or on other grounds. 
The serving node sends to the access point (GGSN) selected a further service request (4) which includes indication of the grounds of the 
selection, Le. whether the access point is selected by subscription, by a user, or based on any other grounds. Thereby the access point is 
able to distinguish and accept service requests in which the rights of the user are already assured by the subscription, without any security 
problems. When the request is based on the selection of the access point by the user, or on any other insecure grounds, the access point is 
able to make any further actions to ensure the security. These further actions may include rejection of the service request. 
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An access control method for a mobile communications sys- 
tem 

Field of the Invention 

The invention relates to controlling the user access to an other 
5 system through a mobile communications network. 

Background of the Invention 

Mobile communications system refers generally to any telecommu- 
nications system which enable a wireless communication when users are 

10 moving within the service area of the system. A typical mobile communications 
system is a Public Land Mobile Network (PLMN). 

Often the mobile communications network is an access network 
providing a user with a wireless access to external networks, hosts, or services 
offered by specific service providers. The user must have a subscribership 

15 with the mobile communications system in order to be able to use the services 
of the mobile system. Normally, in addition to the mobile subscribership,- a 
separate subscribership is needed with each one of the other service provid- 
ers whose services are accessed through the mobile communications network. 
The mobile subscriber data of the user may indicate which external service the 

20 user is authorized to use and which access point or gateway node the service 
request should be routed. The access point or gateway node thdn-pfcvides 
further access to an external network or an external host. In this case the 
service request is routed in basis of a service definition in the mobile sub- 
scriber data stored by a mobile network operator, and therefore there is no 

25 need for further authentication of the user by the gateway or the service pro- 
vider 

It is, however, desirable that the user is able to select the service 
- provider or the most suitable access point of the service provider. For exam- 
ple, the use of the TCP/IP (Transmission Control Protocol / Internet Protocol) 
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data network, i.e. the Internet network has increased very rapidly. Before the 
user can connect to the Internet, he has to have a contract with an Internet 
service provider ISP, who provides access to the Internet via one or more In- 
ternet access points IAP. The IAP may be a e.g. a commercial operator, uni- 
5 versify or private company. An ordinary subscriber of a conventional wired 
network usually needs only one IAP, the one which is close«Uo him, and thus 
has the lowest costs. A mobile subscriber may, however, roam within a large 
area covering one or more countries. If the mobile subscriber always uses the 
same IAP (home IAP) to connect to the Internet, call (data transmission) costs 
10 may increase considerably. The subscriber's Internet service provider ISP 
may have numerous lAPs available all around the world, and therefore it is 
desired that a user is able to select a nearest IAP instead of the home IAP 
which may be defined in the mobile subscriber data. Similar need for capabil- 
ity of selecting the access point by the user may be encountered also in the 
15 services other than the Internet. 

The general packet radio service GPRS is a new service in the 
GSM system, and is one of the objects of the standardization work of the GSM 
phase 2+ at ETSI (European Telecommunication Standard Institute). The 
GPRS operational environment comprises one or more subnetwork service 
20 areas, which are interconnected by a GPRS backbone network. A subnetwork 
comprises a number of packet data service nodes SN, which in this application 
will be referred to as serving GPRS support nodes SGSN, each of which is 
connected to the GSM mobile communication network (typically tob£tee sta- 
tion systems) in such a way that it can provide a packet service for mobile data 
25 terminals via several base stations, i.e. cells. The intermediate mobile commu- 
nication network provides packet-switched data transmission between a sup- 
port node and mobile data terminals. Different subnetworks are in turn con- 
nected to an external data network, e.g. to a public switched data network 
PSPDN, via GPRS gateway support nodes GGSN. The GPRS service thus 
30 allows to provide packet data transmission between mobile data terminals and 
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external data networks when the GSM network functions as an access net- 
work. 

In GPRS network the mobile station MS may optionally indicate, in 
a message requesting to activate a packet data protocol (PDP) context in the 

5 network, an access point name for selection of a reference point to a certain 
external network. A serving GPRS support node SGSN ay^pticates the mo- 
bile user and sends a PDP context creation request to a gateway node GGSN 
selected according to a GGSN address stored in the subscriber data or ac- 
cording to the access point name given by the MS, or to default GGSN known 

10 by the SGSN. 

The inventors of the present invention have realized that this type of 
access point selection by the user may, however, create severe security 
problems when the mobile user is authenticated by the serving point (such as 
the SGSN) in the access network but not by the access point selected (such 

15 as the GGSN). The user may request any access point, although it may be 
authorized to use only one of the access points, and the request will be always 
forwarded to the access point requested. The access point receiving the re- 
quest is not able to determine whether the request is allowed by subscription 
or selected by the user. As the access point (e.g. GGSN) may be connected 

20 directly to a private corporate network, for example, this could be a problem. 

Similar security problems may arise in any mobile communications 

network. 

An object of the present invention is a method which, overcomes or 
alleviates the above described problems. 
25 An aspect of the present invention is an access control method for 

a mobile communications system as claimed in the attached claiml. 

Another aspect of the invention is an access control arrangement 
for a mobile communications system as claimed in the attached claim 8. 

An access point from a mobile communications system to an exter- 
30 nal system can be selected at a serving node of the mobile communications 
system based on at least two or three grounds of selection: the subscription 
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data of a mobile subscriber stored in the mobile communication system or an 
access point selection data given by a user in a service request, or on other 
grounds. The other grounds may include a default access point which, ac- 
cording to a configuration data defined in the serving node, supports the re- 
5 quested protocol type A further service request is sent from the serving node 
to the access point selected. According to the present invention the serving 
node is arranged to always indicate to an access point the grounds of the se- 
lection, i.e. whether the access point is selected by subscription, by user, or 
based on any other grounds. Thereby the access point is able to distinguish 
10 and accept service requests in which the rights of the user are already as- 
sured by the subscription, without any security problems. When the request is 
based on the selection of the access point by the user, or on any other inse- 
cure grounds, the access point is able to make any further actions to ensure 
the security. These further actions may include rejection of the service re- 
15 quest, a further authentication of the user, providing the external system with 
information that the user may be unauthorized user (which information allows 
further security actions by the external system), etc. The external system may 
be, for example, an external network, a host computer, a service center, etc. . 

In the preferred embodiment of the invention the mobile communi- 
20 cations network is a packet radio network, such as GPRS. 

In the following, the invention will be described in greater detail by 
means of preferred embodiments with reference to the accompanying draw- 
ings, in which 

Figure 1 illustrates GPRS network architecture, 
25 Figure 2 illustrates a PDP Context Activation procedure according 

to the present invention. 

The present invention can be applied to any mobile communica- 
tions system in which an access point to an other system, i.e. a network or a 
service, provided the user can be selected according to a definition in a mobile 
30 user subscription or by an access point data given by the user, or on the 
grounds, such as a default selection data.. 
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The term serving node as used herein should be understood to 
generally refer to any network element or functionality which carries out 
authentication of a mobile user and selects an access point and sends a fur- 
her service request to it. A term access point as used herein should be 
5 undestood to generally refer to any network element or functionality which 
provides a gateway or an access to an external system. The4erm service re- 
quest as used herein should be understood to generally refer to any message 
which requests to activate or setup a communication mode in the network. 

The invention can be especially preferably used for providing a 
10 general packet radio service GPRS in the pan-European digital mobile com- 
munication system GSM (Global System for Mobile Communication) or in cor- 
responding mobile communication systems, such as DCS 1800 and PCS 
(Personal Communication System). In the following, the preferred embodi- 
ments of the invention will be described by means of a GPRS packet radio 
15 network formed by the GPRS service and the GSM system without limiting the 
invention to this particular packet radio system. 

Figure 1 illustrates a GPRS packet radio network implemented in 
the GSM system. 

The basic structure of the GSM system comprises two elements: a 
20 base station system BSS and a network subsystem NSS. The BSS and mobile 
stations MS communicate over radio links. In the base station system BSS 
each cell is served by a base station BTS. A number of base stations are con- 
nected to a base station controller BSC, which controls the radio freejfcencies 
and channels used by the BTS. Base station controllers BSC are connected to 
25 a mobile services switching centre MSC. As regards a more detailed descrip- 
tion of the GSM system, reference is made to the ETSI/GSM recommenda- 
tions and The GSM System for Mobile Communications, M. Mouly and M. 
Pautet, Palaiseau, France, 1992, ISBN:2-9571 90-07-7. 

In the figure the GPRS system connected to the GSM network 
30 comprises one GPRS network, which in turn comprises one serving GPRS 
support node (SGSN) and several GPRS gateway support nodes (GGSN). 
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The different support nodes SGSN arid GGSN are interconnected by an intra- 
operator backbone network. It is important to realize that in the GPRS network 
there may be any number of serving support nodes and gateway support 
nodes. 

5 The serving GPRS support node SGSN is a node which serves the 

mobile station MS. Each support node SGSN controls a paskefcdata service 
within the area of one or more cells in a cellular packet radio network, and 
therefore, each support node SGSN is connected (Gb interface) to a certain 
local element of the GSM system. This connection is typically established to 

10 the base station system BSS, i.e. to base station controllers BSC or to a base 
station BTS. The mobile station MS located in a cell communicates with a 
base station BTS over a radio interface and further with the support node 
SGSN to the service area of which the cell belongs through the mobile com- 
munication network. In principle, the mobile communication network between 

15 the support node SGSN and the mobile station MS only relays packets be- 
tween these two. To realize this the mobile communication network provides 
packet-switched transmission of data packets between the mobile station MS 
and the serving support node SGSN. It has to be noted that the mobile corrv 
munication network only provides a physical connection between the mobile 

20 station MS and the support node SGSN, and thus its exact function and 
structure is not significant with respect to the invention. The SGSN is also pro- 
vided with a signalling interface Gs to the visitor location register VLR of the 
mobile communication network and/or to the mobile services switching ibentre, 
e.g. signalling connection SS7. The SGSN may transmit location information 

25 to the MSC/VLR and/or receive requests for searching for a GPRS subscriber 
from the MSC/VLR. 

The GPRS gateway support nodes GGSN connect an operator's 
GPRS network to external systems, such as other operators' GPRS systems, 
data networks 11-12, such as IP network (Internet) or X.25 network, and 

30 service centers. A border gateway BG provides an access to an inter-operator 
GPRS backbone network. The GGSN may also be connected directly to a pri- 
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vate corporate network or host. The GGSN includes GPRS subscribers* PDP 
addresses and routing information, i.e. SGSN addresses. Routing information 
is used for tunneling protocol data units PDU from data network 1 1 to the cur- 
rent switching point of the MS, i.e. to the serving SGSN. Functionalities of the 
5 SGSN and GGSN can be connected to the same physical node. 

The home location register HLR of the GSI\fc«fietwork contains 
GPRS subscriber data and routing information and maps the subscriber's IMSI 
into one or more pairs of the PDP type and PDP address. The HLR also maps 
each PDP type and PDP address pair into one or more GGSNs. The SGSN 

10 has a Gr interface to the HLR (a direct signalling connection or via an internal 
backbone network 13). The HLR of a roaming MS may be in a different mobile 
communication network than the serving SGSN. 

An intra-operator backbone network 13, which interconnects an op- 
erator's SGSN and GGSN equipment can be implemented, for example, by 

15 means of a local network, such as an IP network. It should be noted that an 
operator's GPRS network can also be implemented without the intra-operator 
backbone network, e.g. by providing all features in one computer. 

An inter-operator backbone network is a network via which different 
operators 1 gateway support nodes GGSN can communicate with one another. 

20 Network access is the means by which a user is connected to a 

telecommunication network in order to use the services and/or facilities of that 
network. An access protocol is a defined set of procedures that enables the 
user to employ the services and/or facilities of the network. The S(3BN, which 
is at the same hierarchical level as the MSC, keeps track of the individual MSs' 

25 location and performs security functions and access control. GPRS security 
functionality is equivalent to the existing GSM security. The SGSN performs 
authentication and cipher setting procedures based on the same algorithms, 
keys, and criteria as in existing GSM. GPRS uses a ciphering algorithm opti- 
mised for packet data transmission. 

30 In order to access the GPRS services, a MS shall first make its 

presence known to the network by performing a GPRS attach. This operation 



DOCID: <WO__9937103A1 J_> 



WO 99/37103 



8 



PCT/FI99/00012 



establishes a logical link between the MS and the SGSN, and makes the MS 
available for SMS over GPRS, paging via SGSN, and notification of incoming 
GPRS data. More particularly, when the MS attaches to the GPRS network, 
i.e. in a GPRS attach procedure, the SGSN creates a mobility management 
5 context (MM context). Also the authentication of the user is carried out by the 
SGSN in the GPRS attach prosedure. 

In order to send and receive GPRS data, the MS shall activate the 
packet data address that it wants to use, by requesting a PDP activation pros- 
edure. This operation makes the MS known in the corresponding GGSN, and 

10 interworking with external data networks can commence. More, particularly a 
PDP context is created in the MS and the GGSN and the SGSN. 

As a consequence, three different MM states of the MS are typical 
of the mobility management (MM) of a GPRS subscriber: idle state, standby 
state and ready state. Each state represents a spesific functionality and infor- 

15 mation level, which has been allocated to the MS and SGSN. Information sets 
related to these states, called MM contexts, are stored in the SGSN and MS. 
The context of the SGSN contains subscriber data, such as the subscriber's 
IMSI, TLLI and location and routing information, etc. - * 

In the idle state the MS cannot be reached from the GPRS net- 

20 work, and no dynamic information on the current state or location of the MS, 
i.e. the MM context, is maintained in the network. Neither does the MS receive 
nor transmit data packets, in consequence of which no logical link has been 
established between the SGSN and the MS. If the MS is dual modeUferminal, 
i.e. it can function both in the GPRS network and in the GSM network, it can 

25 be in the GSM network when functioning in the GPRS idle state. The MS can 
switch from the idle state to the ready state by attaching to the GPRS network, 
and from the standby or ready state to the idle state by detaching from the 
GPRS network. 

In the standby and ready states the MS is attached to the GPRS 
30 network. In the GPRS network, a dynamic MM context has been created for 
the MS, and a logical link LLC (Logical Link Control) established between the 
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MS and the SGSN in a protocol layer. The ready state is the actual data 
transmission state, in which the MS can transmit and receive user data. The 
MS switches from the standby state to the ready state either when the GPRS 
network searches for the MS or when the MS initiates data transmission or 

5 signalling. The MS may remain in the ready state (for a period set with a timer) 
even when no user data is transmitted nor signalling perfonged.. 

In the standby and ready states the MS may also have one or more 
PDP contexts (Packet Data Protocol), which are stored in the serving SGSN in 
connection with the MM context. The PDP context defines different data 

10 transmission parameters, such as the PDP type (e.g. X.25 or IP), PDP ad- 
dress (e.g. X.121 address), quality of service QoS and NSAPI (Network Servi- 
ce Access Point Identifier). The MS activates the PDU context with a specific 
message, Activate PDP Context Request, in which it gives information on the 
TLLI, PDP type, PDP address, required QoS and NSAPI, and optionally the 

15 access point name APN. When the MS roams to the area of a new SGSN, the 
new SGSN requests MM and PDP contexts from the old SGSN. 

In addition to the standard point-to-point data transfer, GPRS can 
support anonymous access to the network. The service allows a MS to ex- 
change data packets with a predefined host which can be addressed by the 

20 supported interworking protocols. Only a limited number of destination PDP 
addresses can be used within this service. IMSI or IMEI shall not be used 
when accessing the network thus guaranteeing a high level of anonymity. 
Therefore, no authentication and ciphering functionalities are foreseen for 
anonymous access. 

25 As noted above, GGSN selection by the user in the PDP context 

activation procedure may create severe security problems when the mobile 
user is authenticated only by the SGSN but not by the GGSN selected. The 
user may request any GGSN, although it may be authorized to use only one 
of the GGSNs, and the request will be always forwarded to the GGSN re- 

30 quested. The GGSN receiving the request is not able to determine whether the 
request is allowed by subscription or selected by the user. As the GGSN may 
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be connected directly to a private corporate network, for example, this could 
be a problem 

In accordance to the present invention, this problem is overcome or 
alleviated by that the SSGN indicates to the GGSN how the GGSN was se- 
5 lected. 

The PDP Context Activation procedure according *te»4he preferred 
embodiment of the invention will be now explained with reference to Fig. 2. 

At step 1, the MS sends an Activate PDP Context Request (TLLI, 
PDP Type, PDP Address, QoS Requested, NSAPI, Access Point Name APN , 

10 PDP configurations options) message to the SGSN. The MS may optionally 
indicate an Access Point Name APN for the selection of a reference point to a 
certain external network. The GGSN Address is either a GGSN IP address or 
a logical name referring to the GGSN to be used. Further, the MS shall use 
PDP Address to indicate whether it requires the use of a static PDP address or 

15 whether it requires the use of a dynamic PDP address. This is due to the fact 
that PDP addresses can be allocated to a MS in three different ways: the 
Home PLMN operator assigns a PDP address permanently to the MS (static 
PDP address); the HPLMN operator assigns a PDP address to the MS when a 
PDP context is activated (dynamic HPLMN PDP address); or the VPLMN op- 

20 erator assigns a PDP address to the MS when a PDP context is activated 
(dynamic VPLMN PDP address). It is the HPLMN operator that defines in the 
subscription whether a dynamic HPLMN or VPLMN PDP address can be used. 
When dynamic addressing is used, it is the responsibility of the GGSfkfo allo- 
cate and release the dynamic PDP address. 

25 At step 2, security functions may be executed. 

At step 3, the SGSN checks that the MS is allowed to activate the 
PDP address against the subscription data which was stored in the SGSN 
during GPRS attach. If allowed, the SGSN creates a TID (Tunnel Identifier us- 
ed by the GPRS Tunnelling protocol between GSNs to identify a PDP context) 
30 for the requested PDP context by combining the IMSI stored in the MM context 
with the NSAPI received from the MS. If the MS requests a dynamic address, 
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then the SGSN lets a GGSN allocate the dynamic address. The GGSN used is 
the GGSN Address stored in the PDP context, or, if this field is empty, the 
GGSN indicated by the Access Point Name in the Activate PDP Context Re- 
quest message. A suitable GGSN shall be chosen by the SGSN, if hte VPLMN 
5 address is allowed in the mobile subscriber data and if there is no APN or no 
APN corresponding to a valid GGSN address. 

At step 4, the SGSN sends a Create PDP Context Request (IMS!, 
APN, PDP configurations options, PDP Type, PDP Address, QoS Negotiated, 
TID) message to the affected GGSN. PDP Address is set to zero if a dynamic 

10 address is requested. Further, in accordance with the present invention, the 
SGSN indicates in the Create PDP Context Request message how the GGSN 
was chosen. In the preferred embodiment of the invention the Create PDP 
Context Request message is provided with a new information unit Selection 
mode having three values, namely APN, Subscription, and SGSN, indicating 

15 whether the GGSN was chosen based on the subscription or based on the 
Access Point Name given by the MS, or whether the GGSN was chosen by 
the SGSN, respectively. 

At step 5 t the GGSN checks the value of the Selection mode in- the 
request message. If the value of the Selection mode is Subscription, the 

20 GGSN knows that it was chosen based on the subscriber data stored in the 
SGSN, and therefore, the mobile user most likely has a right to use the spesi- 
fic GGSN. In that case the GGSN accepts the request and creates a new entry 
in its PDP context table. The new entry allows the GGSN to route P&P PDUs 
between the SGSN and the external PDP network. If the value of the Selection 

25 mode is Access Point Name, the GGSN knows that it was chosen based on 
the Access point name given by the user, and therefore there is a risk that the 
user is not authorized to use the specific GGSN. In that case, according to one 
embodiment of the invention, the GGSN rejects the request and does not cre- 
ate a PDP context. Alternatively, the GGSN may, however, make any action to 

30 ensure the security, such as a further authentication of the user, or providing 
the external system with information that the user may be unauthorized user 
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(which information allows further security actions by the external system), etc. 
If the value of the Selection mode is SGSN, the GGSN proceeds as in case of 
value Access Point Name, depending on its configuration, even if the most 
likely case is that the normal use is suspected and the GGSN can establish 

5 the context. However, if less strict security is allowed, the GGSN may also 
proceed as in case of value Subscription. m~*x-~ 

At step 6, the GGSN then returns a Create PDP Context Response 
(TID, PDP configuration options, PDP Address, BB Protocol, Cause) message 
to the SGSN over the GPRS backbone network. The Cause value indicates if 

10 a PDP context has been created in the GGSN or not. The Cause value 
'Request Accepted' indicates that a PDP context has been created in the 
GGSN. A PDP context has not been created in the GGSN, i.e. the request is 
rejected, if the Cause differs from 'Request accepted 1 . PDP Address is in- 
cluded if the GGSN allocated a PDP address. BB Protocol indicates whether 

15 TCP or UDP shall be used to transport user data on the backbone network 
between the SGSN and GGSN. 

At step 7, upon receiving a Create PDP Context Response with a 
Cause "Request accepted", the SGSN inserts the NSAPI along with the GGSM 
address in its PDP context. If the MS has requested a dynamic address, the 

20 PDP address received from the GGSN is inserted in the PDP context. The 
SGSN returns an Activate PDP Context Accept (TLLI, PDP Type, PDP Ad- 
dress, NSAPI, QoS Negotiated) message to the MS. The SGSN is now able to 
route PDP PDUs between the GGSN and the MS. ^ 

If the PDP context activation procedure fails, e.g the GGSN returns 

25 a Create PDP Context Response with Cause which rejects the Create PDP 
Context Request, the SGSN returns an Activate PDP Context Reject (Cause) 
message. The MS may then attempt another activation to the same PDP ad- 
dress up to a maximum number of attempts. 

A more sophisticated GGSN selection algorithm which may be 

30 used at step 3 in the PDP context creation algorithm above will be now de- 
scribed. This improved GGSN selection algorithm is arranged to better take 
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account the configurations in a subscriber data made by the home operator of 
the mobile subscriber. The improved selection algorithm follows the following 
basic principles: 

1. If home operator has configured for a MS a static address, then 
5 the GGSN stored in the mobile subscriber data shall be used always when this 

address is required. 

2. If an MS requests a non-subscribed address (not defined in the 
mobile subscriber data), the SGSN shall reject the request. 

3. If a dynamic address is not allowed according to the mobile 
10 subscriber data, and if only one address is defined in the mobile subscriber 

data for the requested PDP type, even if the MS requests a dynamic address 
or an empty PDP address, the SGSN selects the address defined in the mo- 
bile subscriber data. 

4. If home operator has allowed for a MS a dynamic address, but 
15 a VPLMN address is not allowed, then a GGSN stored in the mobile sub- 
scriber data for this PDP type s always used. 

5. If home operator has allowed for a MS a dynamic address and 
the VPLMN address is allowed, and the MS has defined the GGSN by a'Ac- 
cess Point Name APN in the PDP context activation, then the GGSN defined 

20 by the APN sent by the MS is used. 

6. If home operator has allowed for a MS a dynamic address and 
the VPLMN address is allowed and the MS has not defined the GGSN by a 
Access Point Name in the PDP context activation, but the VPLMf^upports 
the requested protocol (PDP type) (i.e. SGSN knows a GGSN that supports 

25 the request protocol), then SGSN selects the supporting GGSN 

7. if home operator has allowed for a MS a dynamic address and 
the VPLMN address is allowed and the MS has not defined the GGSN by a 
Access Point Name in the PDP context activation and the VPLMN does not 
support the protocol, then the GGSN that is indicated in the mobile subscriber 

30 data for this PDP type shall be used. 



5DOCID: <WO 99371 03A1J_> 



WO 99/37103 



PCT/FI99/00012 



14 

8. When a dynamic address is requested and the SGSN uses the 
GGSN defined in the mobile subscriber data, then SGSN will check whether 
there is only a single GGSN defined for this PDP type or none or many 
GGSNs defined for this PDP type. If there is only one GGSN defined for this 
5 PDP type, the SGSN will use this GGSN. If there are many GGSNs defined for 
this PDP type, the SGSN will select one of the GGSNs. If ffiete is no GGSN 
defined for this PDP type, the SGSN will reject the request. 

A detailed GGSN algorithm according to one embodiment of the in- 
vention meeting the above principles is described in the following. In the Acti- 
10 vate PDP context request the parameters include the PDP type (mandatory), 
the PDP address (optional, empty address means that a dynamic address is 
requested), the APN (Access Point Name (optional). In the Create PDP con- 
text request message sent by the SGSN to the GGSN the parameters include 
: PDP type: mandatory, PDP address: optional, APN: optional. 
15 Firstly, the SGSN receives a Activate PDP Context message from 

the MS. Then the SGSN checks the PDP address field and APN field in the 
received Activate PDP Context message. 

1 .) If the PDP address field is empty and the APN field is empty, 
then check whether a dynamic address is allowed according to the sub- 

20 scriberdata. 

1.1.1) If the dynamic address is allowed, then check whether 
VPLMN address is allowed to the user according to the subscriber 
data. 

1.1.1.1) If VPLMN address is allowed, then check whether 
25 there is a default GGSN (configured in the SGSN) supporting 

the PDP type indicated by the MS available. 

1.1.1) If the default GGSN is available, use it and send to 
the selected GGSN a Create PDP Context Request in 
which the PDP address field and the APN fields are 
30 empty. 
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1.1.1.2) If no default GGSN address is available for this 
PDP type, then check if there is a GGSN address de- 
fined for this PDP type in the subscriber data of the mo- 
bile subscriber. 

5 1.1.1.2.1) If there is a GGSN address defined for a 

dynamic address for this PDP lype or if there is a 
single GGSN address for this PDP type, use this 
GGSN address and send to this GGSN a Create 
PDP Context Request in which the PDP address 

10 field and the APN fields are empty. 

1.1.1.2.2) If there is no GGSN address defined for a 
dynamic address for this PDP type or if there is no 
or many GGSN address(es) for this PDP type, re- 
ject the request to activate the PDP context. 

15 1.1.2) If the VPLMN address is not allowed, then check 

whether there is a GGSN address for this PDP type in the mo- 
bile subscriber data. 

1.1.2.1) If there is a GGSN address for this PDP type in 
the mobile subscriber data or if there is there is a single 

20 GGSN address for this PDP type, use this GGSN ad- 

dress and send to this GGSN a Create PDP Context Re- 
quest in which the PDP address field and the APN fields 
are empty. 

1.1.2.2) If there is no GGSN address defined for a dy- 
25 namic address for this PDP type or if there is no or many 

GGSN address(es) for this PDP type, reject the request 

to activate the PDP context. 
1.2) If the dynamic address is not allowed, then check whether 
there is a single GGSN address for this PDP type in the mobile 
30 subscriber data. 
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1.2.1) If there is a GGSN address for this PDP type in the mo- 
bile subscriber data, use this GGSN address and send to this 
GGSN a Create PDP Context Request which includes a PDP 
address obtained from the mobile subscriber data and in 

5 which the APN field is empty. 

1.2.2) If there is no GGSN address defined»fepthis PDP type, 
reject the request to activate the PDP context. 

2) If the PDP address field is occupied and the APN field empty in 
the received Activate PDP Context message, compare the PDP address sent 

10 by the MS with the PDP address(es) obtained from the mobile subscriber data. 

2.1) If any of the PDP addresses in the subscriber data do match, 
then send a Create PDP Context Request which includes this 
matching PDP address to a corresponding GGSN address obtained 
from the mobile subscriber data. 

15 2.2.) If any of the PDP addresses in the subscriber data do not 

match, reject the request to activate the PDP context. 

3) If the PDP address field is empty and the APN field is not empty 
in the received Activate PDP Context message, then check whether a dynamic 
address is allowed. 

20 3.1) If the dynamic address is not allowed, check whether there is a 

single GGSN address defined for this PDP type in the mobile sub- 
scriber data. 

3.1.1) If there is a single GGSN address for this PDP^ype in 
the subscriber data, then use this GGSN address and send to 

25 the selected GGSN a Create PDP Context Request which in- 

cludes a PDP address obtained from the subscriber data and 
the APN obtained from the user. 

3.1.2) If there is not a single GGSN address for this PDP type 
in the subscriber data, reject the request to activate the PDP 

30 context. 
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3.2) If he dynamic address is allowed, then check whether a 
VPLMN address is allowed. 

3.2.1) If the VPLMN address is allowed, then try to convert the 
APN into the GGSN IP address (e.g., using DNS server) 
5 3.2.1.1) If you can convert the APN, then send to this 

GGSN the Create PDP Context Redftrest including the 
APN. 

3.2.1.2) If you cannot convert the APN, then check 
whether there is a default GGSN (configured in SGSN, 
10 not from mobile subscriber data) supporting the re- 

quested PDP type sent by MS. 

3.2.1.2.1) if there is a default GGSN, then use it. 

3.2.1.2.2) If there is no default GGSN available for 
this PDP type, then check if there is a GGSN ad- 

15 dress for this PDP type defined in the mobile sub- 

scriber data. 

3.2.1.2.2.1) If there is a GGSN address de- 
fined for dynamic address for this PDP type* or 
if there is a single GGSN address for this PDP 

20 type, then send to this GGSN the Create PDP 

Context Request including the APN. 

3.2.1.2.1.2) If there is no GGSN address de- 
fined for a dynamic address for this POP type 
or if there is no or many GGSN address(es) for 

25 this PDP type, reject the request to activate 

the PDP context. 
3.2.2) If VPLMN address is not allowed, then check if there is 
a GGSN address for this PDP type defined in the mobile sub- 
scriber data. 

30 3.2.1.1) If there is a GGSN address defined for dy- 

namic address for this PDP type or if there is a sin- 
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gle GGSN address for this PDP type, then send to 
this GGSN the Create PDP Context Request with 
an empty PDP address and the APN field sent by 
MS. 

5 3.2.1.2) If there is no GGSN address defined for a 

dynamic address for this PDP tyjS6"©rif there is no 
or many GGSN address(es) for this PDP type, re- 
ject the request to activate the PDP context. 
4) if the PDP address field is full and the APN field is not empty in the 
10 received Activate PDP Context message, check whether the received PDP 
address equals to one of the PDP addresses defined for this PDP type in the 
mobile subscriber data. 

4.1) If one of the PDP addresses do match, then use the PDP and 
GGSN addresses obtained from the mobile subscriber data and the 

15 Create PDP Context Request containing the PDP address and the 

APN. 

4.2) If none of the PDP addresses do match, then reject the request to 
activate the PDP context. 

A detailed selection GGSN algorithm according to another embodiment 
20 of the invention meeting the above principles is described in the following. This 
second algorithm is identical with the above described first algorithm in steps 1 
to 3.1 .2 and in steps 4 to 4.2. The remaining steps are as follows: 

3.2.) If a dynamic address is allowed, then derive the -GG~SN ad- 
dress from the APN. 

25 3.2.1) If the GGSN address is in the HPLMN, then use it and 

send a Create PDP Context Request including the APN. 
3.2.2) If the GGSN address is in the VPLMN, then check 
whether a VPLMN address is allowed. 

3.2.2.1) If a VPLMN address is allowed, then use it and 

30 send a Create PDP Context Request including the APN. 
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3.2.2.2) If a VPLMN address is not allowed, then check 
whether there is a GGSN address for this PDP type de- 
fined in the mobile subscriber data. 

3.2.2.2.1) If there is a GGSN address defined for 
5 dynamic address for this PDP type or if there is a 

single GGSN address for this PDP type, then send 
to this GGSN the Create PDP Context Request with 
an empty PDP address and the APN field sent by 
MS. 

10 3.2.2.2.2) If there is no GGSN address defined for 

a dynamic address for this PDP type or if there is no 
or many GGSN address(es) for this PDP type, re- 
ject the request to activate the PDP context. 
It should be noted that in step 1.1.2 it seems useful to define a de- 
15 fault GGSN for a dynamic address. In the HLR, it will be a normal context with 
an empty PDP address. If there is a single GGSN for this PDP type, it could be 
understood, that this GGSN should be used also for a dynamic address. It 
may be surprising to use a dynamic address if you have a static address allo- 
cated in the same GGSN, but the static address might have a processing in- 
20 tensive screening. 

It should be further noted that the basic idea in steps 3.2 to 3.2.1 of 
the first embodiment is that if a VPLMN address is not allowed, then it is not 
possible to use a GGSN not subscribed. The reason is that if you are roaming, 
how the visited SGSN will know if the IP address of the GGSN is in the Home 
25 network. It could be in a third PLMN. The way to know it would be that each 
SGSN in the world knows the IP subnetwork of each operator/If the IMSI in- 
cludes network codes and country codes, one solution the IP subnetwork of 
each operator should be a country code.network code.xxx.zzz. In this em- 
bodiment the VPLMN allowed parameter could be renamed as a non- 
30 subscribed GGSN allowed. This embodiment allows the operator to use dy- 
namic address (in order to save address space) but also use a fixed GGSN 
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(eg, the corporate GGSN with specific screening profile) while using APN for 
external network. Otherwise the user could change the APN and use other 
GGSN than its corporate. 

It should be further noted that in step 4.1.2 it is considered that if a 
5 non subscribe address is requested, the request should be rejected. But if an 
address has to be negotiated (as it is common in the IP wqddX it can still be 
part of PDP configurations options which are transparent to the SGSN. 

Similar modifications as described with reference to Fig. 2 may 
bemade in an Anonymous Access PDP Context activation procedure of the 
10 GPRS. More particularly, the SGSN is arranged to indicate in the Create PDP 
Context Request message how the GGSN was chosen. In the preferred em- 
bodiment of the invention the Create PDP Context Request message is pro- 
vided with a new information unit Selection mode having three values, namely 
APN, Subscription, and SGSN, indicating whether the GGSN was chosen 
15 based on the subscription or based on the Access Point Name given by the 
MS. or whether the GGSN was chosen by the SGSN, respectively. Further, 
the GGSN is arranged to check the value of the Selection mode in the request 
message. If the value of the Selection mode is Subscription, the GGSN .ac- 
cepts the request and creates a new entry in its PDP context table. If the value 
20 of the Selection mode is Access Point Name or SGSN, the GGSN rejects the 
request and does not create a PDP context, or alternatively performs any 
other action to ensure the security. 

The present invention can be applied also to control the rdgWests of 
the users to join a Point-to-Multipoint user group. The point-to-multipoint 
25 Group call (PTM.G) service is used in the GPRS to deliver information from a 
single point, such as a service center, to a group of users. The service may be 
open for all user, i.e. the group is open, or the service may be restricted to 
specific users, i.e. the group is closed. Typical applications are delivery of 
news and traffic information. The access point is now the PTM service center, 
30 for example. The mobile subscriber data stored in the SGSN contain informa- 
tion about subscription to a PTM Group. In a request sent to the PTM service 
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center the SGSN indicates whether the service center was chosen based on 
the subscriber data or based on an access point data given by the MS. The 
service center will check the group status and if the group is open, accept all 
requests, and if the group is closed, accept only the requests having indication 

5 that the service center was selected based on subscriber data. 

Similarly the present invention can be applied irwa«y mobile com- 
munications network. An operator of an external system or a service provider 
may have agreement with the mobile network operator that the mobile network 
operator stores information on the subscription to the external system or serv- 

10 ice in the mobile subscriber data. The serving network element or function in 
the mobile network shall, in accordance the principles of the present invention, 
indicate to the service provider or operator whether the service request is 
based on a subscription or not. A potential mobile networks in which the prin- 
ciples of the present invention may be applied are the third generation mobile 

15 communications systems, such as the Universal Mobile Communications 
System (UMTS) and the Future Public Mobile Telecommunication System 
(FPLMTS), or IMT-2000. 

The description only illustrates preferred embodiments of the inven- 
tion. The invention is not, however, limited to these examples, but it may vary 

20 within the scope and spirit of the appended claims. 
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Claims 

1. An access control method for a mobile communications sys- 
tem, comprising steps of 

sending an access request from a mobile subscriber unit of a mo- 
5 bile subscriber to a serving support node over an air interfa^^^ 

selecting at said serving support node an access point to an exter- 
nal system on the grounds of the subscription data of the mobile subscriber 
or on grounds of an access point data possibly given in said access request or 
on other grounds, 

10 sending from said serving support node to said selected access 

point a request to create a transmission context for communication between 
the mobile subscriber unit and the selected access point, characterized by 
further step of 

indicating in said transmission context request the grounds of the 
15 selection of the access point. 

2. The method according to claim 1, characterized by a further step 

rejecting at said access point the transmission context request if the 
grounds of the access point selection is an access point data given in said 
20 service request message. 

3. The method according to claim 1, characterized by a further step 

rejecting at said access point the transmission context request if the 
grounds of the access point selection is other than the subscription data of the 
25 mobile subscriber. 

4. The method according to claim 1, characterized by a further step 

of 

performing a further security action, such as a further authentication 
of the user, at said access point if the grounds of the access point selection is 
30 an access point data given in said access request message. 
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5. The method according to claim 1, characterized by a further step 

of 

performing a further security action, such as further authentication 
of the user, at said access point if the grounds of the access point selection is 
5 other than the subscription data of the mobile subscriber. 

6. A method according to any one of the pr5C@Hing claims in a 
packet radio system, characterized by steps of 

sending a packet data protocol (PDP) context activation request 
from a mobile subscriber unit of a mobile subscriber to a serving packet radio 
10 support node over an air interface, 

selecting at said serving packet radio support node a gateway 
packet radio support node providing an access to an external system, on the 
grounds of the subscription data of the mobile subscriber or on the grounds of 
an access point data possibly given in said service PDP context activation re- 
15 quest or on other grounds, 

sending from said serving packet radio support node to said se- 
lected gateway packet radio support node a request to create a PDP context 
for communication between the mobile subscriber unit and the selected gate- 
way packet radio support node, 
20 indicating in said create PDP context request the grounds of selec- 

tion of the access node. 

7. Method according to claim 6, characterized in that the packet ra- 
dio network comprises a general packet radio service GPRS. 

8. An access control arrangement for a mobile communications 
25 system, comprising mobile subscriber units, serving network elements and 
access points to external systems, each of the serving network elements be- 
ing responsive to an access request received from a mobile subscriber unit of 
a mobile subscriber over an air interface for selecting one of said access 
points on the grounds of the subscription data of the mobile subscriber or on 
30 the grounds of an access point data possibly given in said access request or 
on other grounds, and each of the serving network elements being further ar- 
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ranged to send to said selected access point a request to create a transmis- 
sion context for communication between the mobile subscriber unit and the 
selected access point, characterized in that each of said serving network ele- 
ments being further arranged to indicate the grounds of the selection of the 
5 access point, in said transmission context request. 

9. The arrangement according to claim 8, characterized in that the 
selected access point is arranged to reject the transmission context request in 
response to the grounds of the access point selection being an access point 
data given in said service request message. 
10 10. The arrangement according to claim 8, characterized in that 

that the selected access point is arranged to reject the transmission context 
request in response to the grounds of the access point selection being other 
than the subscription data of the mobile subscriber. 

11. The arrangement according to claim 8, characterized in that that 
15 the selected access point is arranged to perform a further security action, such 

as a further authentication of the user, request in response to the grounds of 
the access point selection being an access point data given in said service re- 
quest message. . * 

12. The arrangement according to claim 8, characterized in that that 
20 the selected access point is arranged to perform a further security action, such 

as a further authentication of the user, request in response to the grounds of 
the access point selection being other than the subscription data of the mobile 
subscriber. Li*- 

13. An arrangement according to any one of the claims 8-12, char- 
25 acterized in that said mobile communications system is a packet radio system, 

such as a general packet radio service GPRS. 

14. An arrangement according to claim 13, characterized in that the 
serving support node is a serving packet radio support node and the access 
points comprise gateway packet radio support nodes, and that the access re- 

30 quest is a packet data protocol (PDP) context activation request and the 
transmission context request is a request to create a PDP context for commu- 
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nication between a mobile subscriber unit and a selected gateway packet ra- 
dio support node. 

15. An arrangement according to claim 13, characterized that the 
arrangement is arranged to control an access of users to a Point-to-Multipoint 

5 user group. 

16. An access point selection method for a servia§=support node in 
a mobile communications system, comprising steps of 

receiving an access request from a mobile subscriber unit of a mo- 
bile subscriber over an air interface, said access request including at least in- 
10 dication of a protocol type required by the mobile subscriber unit, 

selecting at said serving support node an access point to an exter- 
nal system on the grounds of the subscription data of the mobile subscriber 
or on the grounds of an access point data possibly given in said access re- 
quest or on other grounds, characterized in that said step of selecting com- 
15 prises further steps of 

selecting, in response to that a dynamic address is not allowed 
according to the mobile subscriber data and only one address is defined in the 
mobile subscriber data for the requested protocol type, said only address. de- 
fined in the mobile subscriber data. 
20 17. An access point selection method for a serving support node in 

a mobile communications system, comprising steps of 

receiving an access request from a mobile subscriber unit of a mo- 
bile subscriber over an air interface, said access request including ai&least in- 
dication of a protocol type required by the mobile subscriber unit, 
25 selecting at said serving support node an access point to an exter- 

nal system on the grounds of the subscription data of the mobile subscriber 
or on the grounds of an access point data possibly given in said access re- 
quest or on other grounds, characterized in that said step of selecting com- 
prises further steps of 
30 selecting an access point defined for the requested protocol type in 

the mobile subscriber data always when a dynamic address is allowed and a 
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visited public land mobile address is not allowed according to the subscription 
data of the mobile subscriber. 

18. An access point selection method for a serving support node in 
a mobile communications system, comprising steps of 

5 receiving an access request from a mobile subscriber unit of a mo- 

bile subscriber over an air interface, said access request incladiBg at least in- 
dication of a protocol type required by the mobile subscriber unit, 

selecting at said serving support node an access point to an exter- 
nal system on grounds of the subscription data of the mobile subscriber or on 

10 grounds of an access point data possibly given in said access request or on 
other grounds, characterized in that said step of selecting comprises further 
steps of 

checking, in response to a dynamic address being requested by 
the mobile subscriber station and the serving support node using an access 
15 point defined in the mobile subscription data, whether there is only a single 
access point defined for the requested protocol or none or many access points 
defined for the requested protocol in the mobile subscription data, 

carrying out one of following steps in response to said step -of 

checking: 

20 a) if there is only one access point defined for the requested pro- 

tocol type, selecting said only one access point, 

b) if there are many access points defined for the requested pro- 

<■ 

tocol type, selecting one of said many access points, 

c) if there is no access point defined for the requested protocol 
25 type, rejecting said access request. 
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